🐛 Fix password hash in Pwned

staart · Oct 30, 2020 · 10a4b3c · 10a4b3c
1 parent e334973
commit 10a4b3c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/src/modules/approved-subnets/approved-subnets.service.ts b/src/modules/approved-subnets/approved-subnets.service.ts
@@ -93,7 +93,6 @@ export class ApprovedSubnetsService {
         region: location?.subdivisions.pop()?.names?.en,
         timezone: location?.location?.time_zone,
         countryCode: location?.country?.iso_code,
-        createdAt: new Date(),
       },
     });
     return this.prisma.expose<approvedSubnets>(approved);

diff --git a/src/modules/auth/auth.service.ts b/src/modules/auth/auth.service.ts
@@ -558,7 +558,10 @@ export class AuthService {
   ): Promise<string> {
     if (!ignorePwnedPassword) {
       if (!this.configService.get<boolean>('security.passwordPwnedCheck'))
-        return;
+        return await hash(
+          password,
+          this.configService.get<number>('security.saltRounds'),
+        );
       if (!(await this.pwnedService.isPasswordSafe(password)))
         throw new HttpException(
           'This password has been compromised in a data breach.',